​

Installing Trieve on Azure (AKS)

Things you need:

• Domain name
• helm cli
• azure cli
• kubectl
• k9s (optional)

​

Clone the Trieve repository

git clone https://github.com/devflowinc/trieve.git
cd trieve

​

Login to Azure

az login --use-device-code

​

Provision Terraform

Azure should be configured with your IAM credentails chosen. Run the following commands to create the AKS cluster

cd terraform/azure
terraform init
terraform apply

​

Login to the cluster

az aks get-credentials --resource-group trieve --name trieve

​

Install Trieve Depenedencies

Trieve depends on the following:

• Keycloak (or some other oidc compliant Auth Provider)
• Postgres We are using the CloudNativePG operator.
• Redis We are using the bitnami redis helm chart.
• Clickhouse We are using clickhouse-operator.
• Qdrant We are using qdrant-helm chart.

​

Ingress nginx + Cert Manager (optional)

Ingress-nginx + Cert manager is how we will expose the trieve services to the internet. Feel free to use whatever ingress controller you are comfortable with.

# To install ingress-nginx
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0-beta.0/deploy/static/provider/cloud/deploy.yaml
# To install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml
# To install ClusterIssuer for keycloak
kubectl apply -f helm/test-production/keycloak-extras/cluster-issuer.yaml

​

Clickhouse

First install the clickhouse operator and clickhouse installation.

Note that this has a preconfigured password and user. We will use these in the helm chart. They will need to be changed in a production environment according to your password policy.

kubectl apply -f helm/test-production/clickhouse/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/clickhouse/

Check the status of the clickhouse installation.

kubectl get ClickhouseInstallations

When the above command returns the following, clickhosue is installed.

NAME                CLUSTERS   HOSTS   STATUS      HOSTS-COMPLETED   AGE
trieve-clickhouse   1          1       Completed                     3m3s

​

OIDC Compliant server (Keycloak)

This is an example of installing keycloak on Azure. You can use any other OIDC compliant provider.

kubectl apply -f helm/test-production/keycloak/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/keycloak/

To verify Keycloak has started run

kubectl get sts trieve-keycloak

​

Install the Keycloak Ingress and set your A record

1. Edit helm/test-production/keycloak-extras/keycloak-ingress.yaml and replace yourdomain.com with your domain name.

2. Apply the ingress

kubectl apply -f helm/test-production/keycloak-extras/keycloak-ingress.yaml

kubectl get ingress ingress-keycloak

You will get an output like this:

NAME               CLASS   HOSTS                 ADDRESS        PORTS     AGE
ingress-keycloak   nginx   auth.yourdomain.com   4.157.193.10   80, 443   2m10s

Add an A record to your domain registrar with the IP address of the ingress.

auth.yourdomain.com -> 4.157.193.10 # Example IP

​

Configure Keycloak authorized redirect URIs

1. Access the Keycloak admin console at https://auth.YOUR-DOMAIN.COM/admin/master/console/#/trieve/clients/list
2. Login with the default credentials: Username: admin Password: password
3. Select the “trieve” client and add the following configurations:

Valid redirect and Valid post logout redirect URIs:

https://api.YOUR-DOMAIN.COM/*
https://dashboard.YOUR-DOMAIN.COM/*
https://chat.YOUR-DOMAIN.COM/*
https://search.YOUR-DOMAIN.COM/*

4. Save the changes

​

Qdrant helm chart

Each node also has qdrant-node taint on it, so that the trieve pods can be scheduled on the same nodes types

Note that apiKey is also preset to qdrant-api-key, this may need to be changed if you plan on enabling qdrant ingress.

helm repo add qdrant https://qdrant.github.io/qdrant-helm
helm repo update
helm upgrade -i qdrant qdrant/qdrant -f helm/test-production/qdrant-values.yaml

Verify Qdrant is installed

kubectl get sts qdrant

NAME     READY   AGE
qdrant   3/3     54s

​

Postgresql (via CloudNativePG)

Insstall the postgresql operator and postgresql installation.

kubectl apply --server-side -f helm/test-production/cnpg/operator.yaml
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/cnpg/postgresql-instance.yaml

Verify the postgresql installation via.

# To verify the operator is installed
kubectl get deployment -n cnpg-system cnpg-controller-manager
# To verify the postgresql cluster is installed
kubectl get pods -l cnpg.io/cluster=postgresql-cluster

​

Redis helm chart

For simplicity, we are using the bitnami redis helm chart. You can use the azure redis cache service if you prefer.

helm upgrade -i redis oci://registry-1.docker.io/bitnamicharts/redis -f helm/test-production/redis-values.yaml

​

Install Trieve

​

Modify domain names

If you followed the steps above, values.az.yaml should be mostly preconfigured for you. The only thing needed to modify are the domain names. Replace every instance of yourdomain.com with your domain name.

We highlight the locations where you need to replace yourdomain.com with your domain name below.

domains:
  dashboard:
    host: dashboard.yourdomain.com
    class: nginx
  server:
    host: api.yourdomain.com
    class: nginx
  search:
    host: search.yourdomain.com
    class: nginx
  chat:
    host: chat.yourdomain.com
    class: nginx
...
config:
...
  vite:
    apiHost: https://api.yourdomain.com/api
    searchUiUrl: https://search.yourdomain.com
    chatUiUrl: https://chat.yourdomain.com
    dashboardUrl: https://dashboard.yourdomain.com
...
  trieve:
	baseServerUrl: "https://api.yourdomain.com"
  oidc:
    issuerUrl: "https://auth.yourdomain.com/realms/trieve"
    authRedirectUrl: "https://auth.yourdomain.com/realms/trieve/protocol/openid-connect/auth"

Install the helm chart

helm upgrade -i trieve-az \
  helm/ \
  -f helm/values.az.yaml

​

Verify the installation

After installing, kubectl get deployments should look like this.

NAME                READY   UP-TO-DATE   AVAILABLE   AGE
bktree-worker       1/1     1            1           14m
chat                1/1     1            1           14m
crawl-worker        1/1     1            1           14m
dashboard           1/1     1            1           14m
delete-worker       1/1     1            1           14m
group-worker        1/1     1            1           14m
ingest              10/10   10           10          14m
keycloak-operator   1/1     1            1           46m
redis               1/1     1            1           46m
search              1/1     1            1           14m
server              3/3     1            0           14m
sync-qdrant         0/0     0            0           14m
word-worker         1/1     1            1           14m

​

Set Ingress

​

Get Ingress ip address

kubectl get ingress

You will get an output like this:

ingress-chat                nginx    chat.yourdomain.com        4.157.193.10   80, 443   7m43s
ingress-dashboard           nginx    dashboard.yourdomain.com   4.157.193.10   80, 443   7m43s
ingress-keycloak            nginx    auth.yourdomain.com        4.157.193.10   80, 443   20m
ingress-search              nginx    search.yourdomain.com      4.157.193.10   80, 443   7m43s
ingress-server              nginx    api.yourdomain.com         4.157.193.10   80, 443   7m43s

​

Add A records

Add A records to your domain registrar with the IP address of the ingress.

chat.yourdomain.com      -> 4.157.193.10 # Example IP
dashboard.yourdomain.com -> 4.157.193.10 # Example IP
search.yourdomain.com    -> 4.157.193.10 # Example IP
api.yourdomain.com       -> 4.157.193.10 # Example IP

You will also need to update any other references to that domain name in the helm/values.az.yaml file.

Ensure you run helm upgrade -i -f helm/values.az.yaml trieve-az helm/ after making changes. to apply them.